[wp-trac] [WordPress Trac] #35715: edit_user() doesn't check for empty password (pass1).

WordPress Trac noreply at wordpress.org
Tue Mar 1 10:56:51 UTC 2016

#35715: edit_user() doesn't check for empty password (pass1).
 Reporter:  gitlost                              |       Owner:
     Type:  defect (bug)                         |  SergeyBiryukov
 Priority:  normal                               |      Status:  reviewing
Component:  Users                                |   Milestone:  4.5
 Severity:  normal                               |     Version:  4.4
 Keywords:  needs-testing good-first-bug has-    |  Resolution:
  patch                                          |     Focuses:

Comment (by gitlost):

 Good point, and there's a load of other `empty()` tests in there that have
 the same issue. Not sure what the correct thing to do is - I suppose
 change the `pass1` check to do the right thing? (The others could then be
 fixed in a separate ticket - along with `user_login`, which does do an
 exact match but fails to do a `! isset()` first, leading to a PHP

 Re coding style there should be a
 standards/php/#space-usage space] before the `$update`, and after opening
 and before closing round brackets in the errors add bit...

Ticket URL: <https://core.trac.wordpress.org/ticket/35715#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list